Clast82 is the name given to the new malware discovered by Check Point in nine utility apps on the Google Play Store
Check Point Research, the Threat Intelligence division of Check Point Software Technologies Ltd., discovered a new dropper – a program designed to spread malware to a victim’s phone – within 9 utility apps on the Google Play Store. Dubbed “Clast82” by researchers, the dropper bypassed the store’s protections to activate a second malware that gave the hacker access to the victims’ financial accounts, as well as control of their smartphones.
Clast82 drops AlienBot Banker, a malware-as-a-service second-stage malware that targets financial apps by bypassing the two-factor authentication codes for such services. At the same time, Clast82 is equipped with a mobile remote access trojan (MRAT) capable of controlling the device with TeamViewer, effectively making the hacker the device's real owner without the victim’s knowledge.
Check Point outlined Clast82’s method of attack as follows:
Clast82 uses a number of techniques to evade Google Play Protect detection. In particular, Clast82:
For each app, the attacker created a new developer user for the Google Play Store, along with a repository on the actor’s GitHub account, allowing different payloads to be distributed to the devices infected by each malicious app.
The hacker used legitimate and well-known open-source Android apps. Here is the list:
CPR communicated its findings to Google on January 28, 2021. On February 9, Google confirmed that all Clast82 apps had been removed from the Google Play Store.
Aviran Hazum, Check Point’s Manager of Mobile Research, said:
The hacker behind Clast82 was able to bypass Google Play’s protections using a creative, but worrying methodology. With a simple manipulation of easily found third-party resources – such as a GitHub account, or a FireBase account – the hacker was able to leverage available resources to bypass Google Play Store protections. The victims thought they were downloading a harmless utility app from the official Android store, but instead it was a dangerous Trojan targeting their financial accounts. The dropper’s ability to remain undetected demonstrates the importance of why a mobile security solution is needed. It is not enough to scan the app during analysis, as an attacker can, and will, change the behavior of the app using third-party tools.